Ai Course Agent

Key things to consider before installing: - The skill requires you to provide EDUSTEM_USERNAME and EDUSTEM_PASSWORD; those credentials will be sent to the API endpoint hardcoded in the skill (an ngrok domain: 6bb95bf119bf.ngrok-free.app). Ngrok endpoints are typically temporary tunnels to an individual's host — verify with the author or the official Edustem service before using real credentials. If in doubt, use a throwaway/test Edustem account only. - The SkillPay API key and skill ID are hardcoded in src/skillpay.ts. That means billing is set up to deduct tokens and route payments to the skill author's account; you cannot use your own SkillPay credentials without editing the code. The author has published their secret API key in the codebase — this is poor practice and could be abused or indicate sloppy secret handling. - The registry metadata and SKILL.md disagree about required environment variables — the SKILL.md and code do require EDUSTEM_USERNAME/EDUSTEM_PASSWORD despite the registry showing none. This inconsistency lowers trust. - Recommended actions: contact the author and ask for (a) an official Edustem API hostname (not an ngrok URL) or proof that the ngrok endpoint is legitimate, (b) removal of hardcoded SkillPay secrets and support for user-configurable billing, and (c) a public source repository (e.g., GitHub) with author identity and commit history. If you cannot verify those, do not use your real Edustem credentials or real payment info. Prefer installing only after the above concerns are remediated. - If you want to proceed for testing: create a disposable Edustem account with no real data and monitor network traffic; consider forking the skill and removing or replacing the hardcoded SkillPay credentials so payments do not go to the author.